package jdbc;

import java.sql.*;
import java.util.Scanner;

/**
 * 登录功能[使用预编译SQL方式，防止SQL注入攻击]
 */
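public class JDBCLogin2 {
    /**
     * Reads a username and password from standard input and checks them against the
     * {@code userinfo} table with a prepared statement, so the entered values are bound
     * as parameters instead of being concatenated into the SQL text.
     *
     * @param args ignored
     * @throws RuntimeException wrapping any {@link SQLException} raised while querying
     */
    public static void main(String[] args) {
        // The Scanner wraps System.in and is intentionally not closed: closing it would close stdin.
        Scanner scanner = new Scanner(System.in);
        System.out.println("用户名");
        String username = scanner.nextLine();
        System.out.println("密码");
        String password = scanner.nextLine();

        // '?' placeholders are bound by the driver, so user input cannot change the SQL structure.
        // NOTE(review): comparing the submitted password against the stored `password` column only
        // works if passwords are kept in clear text. The column should hold a salted hash
        // (bcrypt/scrypt/argon2), the row should be fetched by username alone, and the hash verified
        // in application code. The selected `password` column is never read here.
        String sql = "SELECT nickname, password FROM userinfo WHERE password =? AND username=?";

        // The connection is opened only after input has been collected so it is not held idle
        // while the program waits on stdin. PreparedStatement and ResultSet are managed by
        // try-with-resources so they are released even if reading the row throws.
        try (Connection connection = DBUtil.getConnection();
             PreparedStatement ps = connection.prepareStatement(sql)) {
            ps.setString(1, password);
            ps.setString(2, username);
            try (ResultSet r = ps.executeQuery()) {
                if (r.next()) {
                    String nickname = r.getString("nickname");
                    System.out.println("登陆成功，欢迎您" + nickname);
                } else {
                    // Same message for unknown user and wrong password: do not reveal which one failed.
                    System.out.println("用户名或密码错误");
                }
            }
        } catch (SQLException e) {
            // Preserve the cause; there is no sensible recovery for a CLI login demo.
            throw new RuntimeException(e);
        }
    }
}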
